Posted to users@spamassassin.apache.org by Matt Kettler <mk...@evi-inc.com> on 2005/02/03 18:01:02 UTC

OT: Calling milters based on RBL hits?

I know this is slightly OT here, but it is related to spamfighting, and 
there are some good sendmail hacks on this list. The concept might prove 
useful to others here too.

Concept: I want to be able to greylist email that matches an RBL. I'd 
rather not greylist all mail company wide (although I do greylist all mail 
to this account) due to latency and multi-smarthost site problems. I also 
can't afford the FPs of outright rejecting mail based on RBLs. However, I 
can see greylisting all mail that matches an RBL, particularly ones like 
DULs and XBL. You could even use fairly "aggressive" RBLs in this fashion.


Setup: Sendmail, milter-greylist, MailScanner, SA.

Currently I use sendmail, and have milter-greylist enabled in "test mode" 
so only my account is greylisted. Based on testing with my account, some 
MTAs take a few hours (my greylist period is one minute, so any retry will 
succeed). The delay is fine for me, but there are others here who expect 
email to be relatively quick unless there's an outage. Certainly multi-hour 
delays aren't good for some people who are receiving business related files 
like price quotes, product specs, tech support, etc.

So, aside from hacking milter-greylist itself, is there a way in 
sendmail.cf to only call a milter when an RBL hits? Is there another milter 
that can wrap milter-greylist to do this? (ie: sendmail calls 
milter-rbl-wrapper, and milter-rbl-wrapper conditionally calls milter-greylist)




Re: OT: Calling milters based on RBL hits?

Posted by Matt Kettler <mk...@evi-inc.com>.
At 01:12 PM 2/3/2005, Kelson wrote:
>I can't speak for MailScanner, but I know MIMEDefang has some built-in RBL 
>functions, and people have posted several greylist implementations that 
>work within a MIMEDefang filter.  With that setup, you could have MD do 
>the RBL lookup and conditionally run the greylist code.

Yeah, I could do that. MIMEDefang would effectively be acting as the 
"milter that wraps another milter" in this case.

MailScanner definitely could not do this. MailScanner runs post-delivery, 
so at that point, any greylisting is impossible. 


Re: OT: Calling milters based on RBL hits?

Posted by Kelson <ke...@speed.net>.
Matt Kettler wrote:
> So, aside from hacking milter-greylist itself, is there a way in 
> sendmail.cf to only call a milter when an RBL hits? Is there another 
> milter that can wrap milter-greylist to do this? (ie: sendmail calls 
> milter-rbl-wrapper, and milter-rbl-wrapper conditionally calls 
> milter-greylist)

AFAIK, all milters are always called directly from sendmail (assuming 
the previous milter accepted the message), so any decision has to be 
made within a milter, not within sendmail.  In this scenario, you would 
have to hack or replace milter-greylist.

I can't speak for MailScanner, but I know MIMEDefang has some built-in 
RBL functions, and people have posted several greylist implementations 
that work within a MIMEDefang filter.  With that setup, you could have 
MD do the RBL lookup and conditionally run the greylist code.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>
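
The decision discussed in this thread (do the RBL lookup first, run the greylist only on a hit), as an added Python example; it is not code from milter-greylist, MIMEDefang or any poster. The zone name dnsbl.example, the names dnsbl_name, dns_listed and RblGreylist, and the documentation-range IP addresses are assumptions made for illustration.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_listed(name):
    """Default resolver: an A record means listed. Lookup errors count as
    not listed, so a DNSBL outage never adds greylist latency (fails open)."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

class RblGreylist:
    """Greylist only relays that hit an RBL; accept all others immediately."""

    def __init__(self, zones, delay=60, resolver=dns_listed):
        self.zones = zones        # assumed zone names supplied by the caller
        self.delay = delay        # seconds a listed relay must wait before a retry passes
        self.resolver = resolver  # injectable so the logic can be exercised offline
        self.first_seen = {}      # (ip, sender, rcpt) -> time of first attempt

    def rbl_hit(self, ip):
        return any(self.resolver(dnsbl_name(ip, z)) for z in self.zones)

    def decide(self, ip, sender, rcpt, now):
        """Return 'ACCEPT' or 'TEMPFAIL' for one RCPT attempt at time `now`."""
        triplet = (ip, sender.lower(), rcpt.lower())
        if triplet in self.first_seen:
            # Known triplet: pass once the greylist delay has elapsed.
            waited = now - self.first_seen[triplet]
            return "ACCEPT" if waited >= self.delay else "TEMPFAIL"
        if not self.rbl_hit(ip):
            return "ACCEPT"       # unlisted relay: no delay, nothing stored
        self.first_seen[triplet] = now
        return "TEMPFAIL"         # listed relay: a real MTA will retry later

if __name__ == "__main__":
    # Constructed sample: only 192.0.2.10 is "listed" by this fake resolver.
    fake = lambda name: name == "10.2.0.192.dnsbl.example"
    g = RblGreylist(["dnsbl.example"], delay=60, resolver=fake)
    for ip, t in [("198.51.100.7", 0), ("192.0.2.10", 0), ("192.0.2.10", 90)]:
        print(ip, t, g.decide(ip, "a@example.org", "b@example.com", t))
```

A TEMPFAIL result corresponds to answering the RCPT with a 4xx temporary failure; the in-memory dictionary stands in for the persistent store a production greylist would need.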

Re: OT: Calling milters based on RBL hits?

Posted by Andy Jezierski <aj...@stepan.com>.
Matt Kettler <mk...@evi-inc.com> wrote on 02/03/2005 11:01:02 AM:

> Setup: Sendmail, milter-greylist, MailScanner, SA.
> 
> Currently I use sendmail, and have milter-greylist enabled in "test mode" 
> so only my account is greylisted. Based on testing with my account, some 
> MTAs take a few hours (my greylist period is one minute, so any retry will 
> succeed). The delay is fine for me, but there are others here who expect 
> email to be relatively quick unless there's an outage. Certainly multi-hour 
> delays aren't good for some people who are receiving business related files 
> like price quotes, product specs, tech support, etc.

Don't have an answer for you about the milter, but when I was setting up 
our greylist I monitored the logs for a few days to find what domains our 
company communicated with on a regular basis and whitelisted them.  This 
took care of the delay problem for the most part; I still get the 
occasional complaint from someone whose mail was delayed, but those are 
few and very far between.

Andy